[Pdns-users] CERT RR?

Duane duane at e164.org
Tue Apr 11 10:20:54 UTC 2006

Marten Lehmann wrote:

> when will PowerDNS implement the CERT resource record? It is a new 
> record type that is already implemented in BIND9 that will be used for 
> different future public key infrastructures, mailserver verifies and so on.

Having been involved with PKI for the last 4 or so years, I highly doubt 
this will be the case, the guys coding bind have been pushing their PKI 
in DNS stuff for years and nothing is happening with it, nobody cares 
apart from marketing departments and how much money they can make from it...

Judging by PKI marketing you'd think https was widely used, but this 
isn't the case when you dig a little deeper...

Depending which stat site you listen to, we have in the order of 16-20 
million internet website servers...

Yet, why are there only 250,000 SSL enabled sites? (Out of those, 21,000 
sites are self signed, and 85,000 are signed by unknown CAs)

150,000 "valid" SSL sites...

On the other side of the coin how many sites are using SSH?

I'm guessing the number is a lot higher :)

PKI = printing money, it's a joke; what it is billed to protect us 
against, it won't and never will unless it gets completely overhauled, 
and that won't happen until the large commercial CAs get slapped with 
some big lawsuits over misleading and deceptive practices...


